Evaluation of Online Resources in Assisting Phishing Detection

Phishing is an attempt to fraudulently acquire userspsila sensitive information, such as passwords or financial information, by masquerading as a trustworthy entity in online transactions. Recently, a number of researchers have proposed using external online resources like the Google Page Rank system to assist phishing detection. The advantage of such an approach is that the detection capability will gradually evolve and improve as the online resources become more sophisticated and manipulation-resistant. In this paper, we evaluate the effectiveness of three popular online resources in detecting phishing sites-viz, Google PageRank system, Yahoo! Inlink data, and Yahoo! directory service. Our results indicate that these online resources can be used to increase the accuracy of phishing site detection when used in conjunction with existing phishing countermeasures. The proposed approach involves examining the following three attributes of a target site (site being examined): (1) the credibility of the target sitepsilas hosting domain, (2) the credibility of in-neighbor sites that link to the hosting domain, and (3) the correlation between the target sitepsilas web category and its hosting domainpsilas web category. The aforementioned online resources by themselves are insufficient to address the phishing attack problem. We provide discussions on how each of those resources may be integrated with existing phishing detection techniques to provide a more effective solution.